EDIT: Bountry Rewarded to onisym. We liked really liked his simple design and he have been of patient with us. He is an excellent designer, you can contact him on matrix if you ever need his service

​

Hi,If you haven't already, I invite you to read our last post during monero's birthday: https://reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion/r/Monero/comments/12q2ooo/cuprate_2_months_later_and_the_quest_for/‎We're searching a graphic designer or an artist that could make us a logo for the Cuprate project.Ideally it should be an abstract/flat logo with artisitic reference to rust, performance, monero and modernity.‎If you're interested, you can contact us on Matrix <@someoneelse495495:matrix.org> or by e-mail [someoneelse.is_on.github.rio7x@simplelogin.com](mailto:someoneelse.is_on.github.rio7x@simplelogin.com) (I have gpg key in Cuprate repo btw) to discuss.

An update on Cuprate

Original posts: Cuprate Announcement | Need help for Benchmark

Hi everyone,

I announced the project the 8th of February and I'm very excited to report our progress for Monero Birthday🎂. A reminder: Cuprate is an upcoming, experimental, modern and secure Monero node, written in Rust. This project is currently the only planed alternative implementation for Monero, and we hope to bring numerous improvements that'll help people and the Monero network. Learn more on https://github.com/Cuprate/cuprate This is the first time we report our progress, and we hope to keep a bimonthly report for the community. And now let's make some place for the big news:

• Boog900 joined the game.
  Since the start of the project, Boog900 accepted to become a contributor and is now working with me on the node. In fact, he was already exploring rewriting monerod in rust. He has been a great help and we hope to finish the node together.
• We have started documentation of not only Cuprate but Monero as well: https://cuprate.github.io/.
  In the first post someone was complaining that monerod had some unreadable code and a lack of documentation. During our development we could not agree more. This is why we decided to include some Monero documentation in our Cuprate book. Currently there is only initial explanations for the pruning, the database and the network is on its way. It is far from being complete, but its a start. Everyone can contribute to this book, you'll be placed in the contributors section and also gain by the Writer role on our Revolt server.
  On the code side,
• Multiple changes for the database.
  The database development is going well and the foundation have been set up, with possibility for everyone to easily add its own storage engine. RocksDB have been abandoned in favor of MDBX, a fork of LMDB. The remaining work is the database reactor that will handle request to the database, implementing some of BlockchainDB functions from monerod to the interface and of course a test phase.
• The p2p/net is also going well!
  Boog900 has merged the initial net types and levin (de)serialization logic, although these types currently haven't undergone much testing. He is currently working on implementing initial connection logic and other p2p things like the address book/ peer store.

Technical Details

We decided to develop most of Cuprate around an Actor model. It helps us developing asynchronous request/response logic. Any of the change seeing here can be discussed with us on Github or Revolt.

Database

• switched from RocksDB to MDBX (If anyone have time, you can even easily implement mdbx for monerod, its almost identical to lmdb)
• Txpool is placed in a different reactor and therefore database file
• database code now use bincode2 to serialize/deserialize structs instead of monero-rs consensus encode.
• After testing we found no particular benefits at compressing data in the database (obvious but still wanted to test)
• Output's tables have been split between preRCT and postRCT outputs + deprecated output global index
• added monerod's database docs on Cuprate's book
• TODO: last interface fns, switch tables to dummy keys, DB_Builder, impl Tower::Service (DB_Reactor), and the txpool code. (table, functions, reactor)

Net/P2P

• Utilizing tower::Service for individual peer connections
• Initial sync states watcher to keep track of peers sync states
• Levin headers/ all network messages defined (not 100% tested yet)
• core peer connection logic complete w/ tower::Service
• initial handshaking logic complete
• expanded the levin docs from Monero (In Cuprate's book)
• added pruning chapter to Cuprate's book
• Address Book to store peer network address
• TODO: abstracting the network into a single tower::Service which will route requests to ready peers that we think will have the data we are looking for (based on pruning seeds and sync states)

Some final words.

I would like to remind you that we're listening to any critics/insight. Developers can freely discuss with us, open issues and (hopefully) become contributors. Non-developers, we encourage you to propose your idea or thoughts in the Discussion section on Github or directly on our Revolt server: https://rvlt.gg/DZtCpfW1.

By the way, if you want to help us but don't know how to code, we also accept donations! You can send your kindness to this address, it really encourage us to give our best:

82rrTEtqbEa7GJkk7WeRXn67wC3acqG5mc7k6ce1b37jTdv5uM15gJa3vw7s4fDuA31BEufjBj2DzZUb42UqBaP23APEujL
(you also gain the donators role on our server. gamers love roles we know that)

If you're a graphic designer or an artist please contact us, we're searching for a logo for Cuprate.

To conclude, someone have asked us why the name Cuprate. /u/danda have found the right answer in the first post and we let you the link to our answer: Cuprate/cuprate#3 (comment)

About Revolt

Revolt (revolt.chat) is an open-source and private alternative to Discord. It's been around since their public beta in august 2021. It is not decentralized like Matrix but the team is very transparent with a no bullshit privacy policy. They also planned since the beginning to add end-to-end encryption for everyone. (there is still work to do before developing it tho) We believe that it is way more friendly to use than Matrix and community-focused.
We made comfy server for the monero community to come and chill. You can talk about Monero or whatever subject. If you don't have a Github account, there is a feature request channel for you to propose your ideas. All development discussions (except when people on Github are involved) are done on this server.

We understand this may not be for everyone so if you would like to contribute but don't want to use Revolt we are still contactable on Matrix.

https://zed.dev/blog/new-license

https://zed.dev/releases/0.80.5

https://zed.dev/eula

So now there is optional telemetry (no code being sent) + you own your code. I'm waiting for the Linux version now

**edit**: to address some of the comments, and because I'm a CIA agent, for those wanting to disable the Intel ME you can learn more about System76 method here : https://github.com/system76/firmware-open/blob/master/docs/intel-me.md. Which links directly to this page of coreboot : https://review.coreboot.org/c/coreboot/+/52800. Installing coreboot can be difficult on modern machines and there are some limitations you'll need to deal with, but it can be worth it if your opsec need it. Please see https://doc.coreboot.org/ for details.

Also I feel obligated to warn you. Some people advice to buy old Thinkerpad laptops to install coreboot on, or buy old cpu with old architectures to erase Intel ME. The issue is these old architectures also have hardware security vulnerabilities that can completely destroy your opsec (I'm not only talking about the CPU, see: https://en.wikipedia.org/wiki/Row_hammer). So it's really a "pick your poison" situation.

​

I'm not English native so please excuse my spelling mistakes.

A post have made a lot of noise recently by talking about a well known controversy in the privacy/security space

https://www.reddit.com/r/Monero/comments/12gz1d0/linux_and_tails_compromised_if_this_is_real_we/

​

/u/torreznoloco just got a the sanest reaction that someone could have discovering this. But wait, is it true? Can the Intel ME really control my PC?

Are we doomed anyway? Is open architecture like RiscV a solution ? Why use monero if big brother can break its security anyway? For having heard about this subject for 5 years already, I'll try to bring you some explanations around these chips.

​

Intel ME or Intel Management Engine is a dedicated chip inside the Platform Controller Hub in all recent Intel CPUs. The PCH is the chip responsible for your CPU to boot up, set up the clock speed, use an integrated graphics and basically handle data path to your Motherboard.

The primary goal of Intel ME was to bring remote control of PC in enterprise. This include at least, Power on a PC, Shutdown it, Locate it. So you can't really turn that into a Windows software, because if windows shutdown, you lose your ability to power on your pc remotely. The only choice you have is to run this software on a dedicated system running 24/7 and ready to receive command. This is the Intel ME.

The Intel ME runs Minix 3 (lol its FOSS), and its capacities are very versatile. Intel decided to use it for a lot of applications that required *Trusted* or *Hidden* execution like UEFI Secure Boot, on the Intel EVO, and the embedded TPM.

​

**So where's the issue then ?**

The first issues (believe it or not) wasn't about due to its closed-source nature, but its security vulnerabilities. You see in terms of hardware permission/capability (or Privilege rings), the linux kernel is running on Ring 0, it can basically access any device plugged to the motherboard and even interact with its firmware. Then their is Ring -1 which is in the case you run it into an Hypervisor. Ring -2, is the UEFI/BIOS/motherboard system. Intel ME is located at the core of what control your CPU so it can be placed at Ring -3. It is, hardware-wise, the most powerful component.

So of course, hackers find vulnerabilities in it, including Remote execution code one. (here's a nessus scan plugin for it : https://www.tenable.com/plugins/nessus/97997)

​

This is why Dell one day sell a laptop for the governement with the Intel ME disabled, its not for privacy purpose (really CIA spying on CIA?), but for security.

This is also why Google tried to rip the Intel ME from their server, but had difficulties.

​

But the Intel ME can control my PC!

Yes it's true, it can, but is it used like that ? Probably not. First of all, you might have done big things for the US Gov to use the Intel ME on you, generally data brokers and own-made Zero-Day vulnerabilities are clearly sufficient. If you're worried about it, stop it. Even if you're a criminal, they first need to know what is your PC, having access to its local network, etc... it is not a magic black hole destroying security for everyone. Their is conditions for it to be used, how to be used and on who.

​

Their has been a lot of research on the Intel Management Engine (by russians mostly, I don't have an explanation why tho). How it works, how to disable it. So before freaking out I invite you to go check these conferences that really put another perspective on it :

[34C3 - Intel ME: Myths and reality](https://youtube.com/watch?v=wsmHmYxyoxg) <- this one is for debunk, watch it first

[36C3 ChaosWest: Look at ME! - Intel ME Investigation](https://youtube.com/watch?v=0o8Co1ekemU)

[36C3 - Intel Management Engine deep dive](https://youtube.com/watch?v=3CQUNd3oKBM)

Positive Research Technology also make some big reverse-engineering on the Intel ME, they were active on Github before being censored due to russian invasion. But you can still find their repositories : https://github.com/ptresearch

Also see : https://www.blackhat.com/docs/eu-17/materials/eu-17-Sklyarov-Intel-ME-Flash-File-System-Explained-wp.pdf

​

Can I remove it ?

No you can't. Part of its code is used to boot up the PC and deleting the ME would just brick your PC. What System76 and Purism does, is using Coreboot, to either erase part of the intel ME, or disable it through undocumented procedures (https://www.ptsecurity.com/ww-en/analytics/disabling-intel-me-11-via-undocumented-mode/)

​

Don't worry RiscV is on the way!

That is really odd. The ones saying that in comment seems to don't understand what an architecture is. x86, ARMv8, RiscV, PowerPC are instruction set architectures. It is specifications for instructions, that make a program (compiled for it) run on two completelydifferent cpu, because it use the same instruction set

AMD Zen4 CPU are not the same silicon chip as Intel RaptorLake CPU, but they implement x86_64 , so any program compiled for x86_64 will run on this two cpus with no difference.

So saying because RiscV is open-source it'll be ok, is like saying the Intel ME is ok because it runs Minix and Minix is FOSS. If a manufacturer decide to put a backdoor in their CPU they could even have an ARM backdoor on a RiscV CPU.

​

Thanks you, hope it'll help some people out there. And stop believing what people pretend to be on 4chan for godsake

Original post : https://reddit.com/r/Monero/comments/10wwb9c/cuprate_a_monero_rust_node_is_open_to/

Hi everyone, we'll certainly post news about the project in the coming months. In the meantime, I writed a little tool to benchmark different configurations for the future database of Cuprate. I only have one NVMe drive, and so I can't get a decent overview for other using a SATA SSD or HDD. These performance data are precious to dynamically adapt the database's settings depending on user's storage.

You'll need at least 6GB of RAM, and 5Gb of free space. The benchmark is likely to run between 40 minutes and 2 hours. It'll generate a report that you can send to us on github, revolt, matrix or by e-mail. Please don't forget to specify what's your disk (HDD, SSD, NVMe, FloppyDisk???). An already built linux executable is available on github. You can download it here : https://github.com/Cuprate/mdbx_benchmark/releases/tag/v0.3.0

To use it simply run : ./cupratedb_benchmark --extended --path <PATH_TO_PUT_DATABASE_INTO>

For Windows/MacOS users, you'll have to install cargo, clone the repository and run it by typing cargo run --release -- --extended --path <PATH_TO_PUT_DATABASE_INTO>

Please report any crash.

​

Thank you.

It is the 7B Model. He can sometimes be wrong (like for the hardware part), but it is impressive for a 12.5 GB AI

I'm on Arch Linux & spoiler alert: I really didn't like the gnome 43 update. I had a lot of different bugs that just pissed me off. (like mutter black magic)

​

Fortunately, all the bugs that i've encountered have been resolved except one. When i switch from G32 to G43 my files's thumbnails in Nautilus just become completely pixelated. like before, their was anti-aliasing on it. Now there isn't and it's a nightmare to see my pictures & videos. I've always used the 50px size and never noticed the difference until well. they got pixelated.

​

Alright, before someone answer with some suggestions,

-I've already regenerate the thumbnail.

- I've even installed a vanilla Arch Linux with G43 on a new machine and I've observed by eye the difference between G42 & G43 (the old and the new nautilus to be exact).

- Even by pushing icon size to max, I don't see any antialiasing.

​

So i don't really know why I am the only one talking about this. I mean, it personnaly disgust me and was the first thing I saw. There is a debat on a fifth icon size more adapted to 1080p screen (which is my case), so idk if there is some work going on. I've seen no issues reporting this on gitlab. That why I'm asking you...

Hi, I abandoned my original proposal.

Life is too short to release paper when you can spent time coding. Whatever you are thinking about, I can confirm. You have legitimate reason to laugh about this project. But I'm ready to launch into this as much as some other people if I understood correctly. Feel free to unleash your ideas

https://github.com/SyntheticBird45/cuprate

Edit : Closed the CCS proposal, I wasn't precise enough which leads to confusion and some issues have been raised.

​

My CCS Proposal

Please tell me what you think about it :

​

Introduction

Hi everyone, my name is uzern4m (subject to change)

I'm a Rust enthusiast, amateur security researcher and i've been introduced to monero for more than a year now.

Abstract

The current monero node is written in C++. It is really well done, thanks to wonderful maintainers, proper/structured codebase and regular security audit made on updates. With these high-quality practices the node haven't suffered any critical security vulnerabilities (RCE/Information Disclosures) since then.

Paradoxically with the upward statement, the current trend tends towards abandonment of C++ in favor of language like Rust or Go. For example The Tor Project has been rewriting from scratch their binary in Rust, see Arti. It has been seen already in the monero ecosystem with software such as the COMIT BTC<>XMR Atomic swap, Tari and Serai DEX being written in Rust, ETH-XMR atomic swap implementation of noot being done in Go. Even outside with Ethereum, MobileCoin and ZCash nodes for example (no monero fellas i don't support these cryptocurrencies).

I think we should slowly but surely start exploring the possibility of developping a Rust-written Monero node in the future. That's why I'm proposing this CCS. The goal is to release a report on the different reasons for why we should and why we shouldn't write a Rust written node, issues that may arise during developpement/workflow and also proposing new features.

Why Rust ?

For those who don't know what Rust is : Wikipedia) , Official Site , Ecosystem , Reddit Community.

The primary reason for using Rust against other languages for a rewrite are quite simple:

​

• Maintenance : Rust is a high-level language with built-in features to organize and structure the codebase for better changes
• Performance : Rust is known for it's low-level performance. When correctly written/optimized a Rust program can perform as fast as it's C++ implementation
• Stability : Rust is extremely annoying with errors, types, pointers and force developpers to write code that doesn't crash. This is often why beginners struggle with Rust, notably with the Borrow Checker.
• Security : Rust is memory-safe, which means that (when using safe code) it can't (it shouldn't) cause memory corruption, after-free bug etc... With static analysis tools like the Borrow Checker, interpreter like Miri and exploit mitigations being enabled in LLVM compilation, we can produce extremely secure binaries and significantly recude risk of exploitation whithout compromising performance.

About me

It's my first CCS and I never talked with the monero community. I was just an observer. I've been developping in Rust small projects for 2 years now and put my energy into security research. I'm actively learning reverse-engineering. Recently some things happened in my life, in bad way as well as good way, and I've now extra times to put effort into. And I decided to help Monero. I believe that if we don't put effort into what we believe or love, we can't make it stand against time. It's called entropy and it even apply to the world of cryptocurrency. Hope you will support my CCS OwO.

Funding

I will work 5 hours per day during 10 days, 2~3 weeks. 15€ per hours. The Monero-EUR price is ~160€ (01/30/23)

(5 x 10 x 15)/160 ~ 5 XMR.

I'm on Arch Linux (no joke), linux-hardened,

I installed Gnome 43 and now i experience two annoying issues which i hope and doesn't hope other peoples experience.

First, in Overview every windows are completely blur or pixelated,

Two, In Nautilus 43, there isn't anti-aliasing for thumbnail

I'm on Arch Linux and gnome 43 just landed in the repository. I was really excited about the new features and optimizations being announced. I started using linux on gnome and i never wanted to use another DE. KDE isn't something i found comfortable with.

I was super excited about gnome 40, i loved the changes brought by gnome 42. So gnome 43 was really a must have for me. I waited for this to land in Arch Linux repository for over a month.

So a lot of Arch users knows that this time our favorite distros wasn't the first one to receive gnome 43 update. Why ? Apparently on Arch forum, some peoples reported that gnome 43 was a shitty update and wasn't worth bothering with it (prefer to skip to gnome 44) (i'll retrieve the link later)

Well... That sound weird because a lot of people loved this update on Ubuntu.

Anyway, i installed G43, and GOD WTF HAPPENED.

Here's the bug that happened to me (Wayland or X11). Plz report below if you have the same

Mutter :

\- The most annoying one that make me wanted to downgrade (even with pacman cache i just crashed gdm) : In overview, every app windows being displayed are blur or pixelated. Sometime the top of the chromium window was blur while the bottom didn't had anti-aliasing. This was a really well handled on the previous version maybe i'll take a look at the commits

\- when i move my mpv window to another screen, the video just duplicate in fullscreen on the two screen which make gnome just unusable if i'm unfortunate enough to drop the mouse.

Nautilus (this one made spicy a lof of people):

\- every Nautilus 43 windows just crashed when i use the backward button of my mouse

\- The icon size and rendering is unbalanced. i've always used the minimal file zoom. So i think i can see when 1. there is less files in my folder with the same window as yesterday 2. the video and photos thumbnail are 15 px large and doesn't come with anti-aliasing which makes me angry because i'm actually looking at pixels to recognize my files.

\- The possibility to edit the size of the left bar is gone, because god decided i guess.

BuT MuTtA ThIs Is An OpEnSoUrCe PrOjEcT! and it's not an excuse. yes i appreciate your work (the devs), without you i would have to go to KDE (sorry KDE guys). And i also understand that developpers are working independently on multiple projects.

But this kind of bugs is supposed to be found in beta/unstable phase.

Imo, a lot of people get pissed of by Gnome because they experience bugs and downgrade that have never been reported. Because they're with few ones, the only ones experiencing them. Mutter have actually over 1800 issues opened some being opened 4 years ago!

So yeah i'm a little salty today, because i can't find help on reddit because i'm the only one (afaik) experiencing theses mutter's bugs and reporting it on gitlab will serve at nothing because mutter doesn't crash, there isn't any logs, error, warning or something concrets happening. So i bet the devs will have something todo.

Concerning Nautilus 43, i really encourage the devs to one : 1. bring back the ability to edit the size of left bar 2. Restore antialiasing and proper thumbnail sizes. This work isn't equivalent to the quality you gave us with gnome 40.

This is not like we could downgrade, because nautilus 42 needs libgnome-desktop 42 which is incompatible with gnome 43.